Improve the performances of our default rules

author: jvoisin 2018-03-09 17:37:51 +0100
committer: jvoisin 2018-03-09 17:37:51 +0100
commit: 9f8293d686c8cfe66a6bad147896399c70d97bb3 (patch)
tree: 703b07a9fd74045b1c66140b3046074d1cae56ab
parent: fd60cd5c1ef701710bccc407272f72b9e9ac3f7c (diff)
1 files changed, 19 insertions, 9 deletions
diff --git a/config/default.rules b/config/default.rules
index a5ea3d1..fb53708 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -36,13 +36,22 @@ sp.disable_function.function("function_exists").param("function_name").value_r("
 sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();
 # Ghetto sqli hardening
-sp.disable_function.function_r("mysqli?_query").param("query").value_r("/\\*").drop();
+sp.disable_function.function("mysql_query").param("query").value_r("/\\*").drop();
-sp.disable_function.function_r("mysqli?_query").param("query").value_r("--").drop();
+sp.disable_function.function("mysql_query").param("query").value_r("--").drop();
-sp.disable_function.function_r("mysqli?_query").param("query").value_r("#").drop();
+sp.disable_function.function("mysql_query").param("query").value_r("#").drop();
-sp.disable_function.function_r("mysqli?_query").param("query").value_r(";.*;").drop();
+sp.disable_function.function("mysql_query").param("query").value_r(";.*;").drop();
-sp.disable_function.function_r("mysqli?_query").param("query").value_r("benchmark").drop();
+sp.disable_function.function("mysql_query").param("query").value_r("benchmark").drop();
-sp.disable_function.function_r("mysqli?_query").param("query").value_r("sleep").drop();
+sp.disable_function.function("mysql_query").param("query").value_r("sleep").drop();
-sp.disable_function.function_r("mysqli?_query").param("query").value_r("information_schema").drop();
+sp.disable_function.function("mysql_query").param("query").value_r("information_schema").drop();
+sp.disable_function.function("mysqli_query").param("query").value_r("/\\*").drop();
+sp.disable_function.function("mysqli_query").param("query").value_r("--").drop();
+sp.disable_function.function("mysqli_query").param("query").value_r("#").drop();
+sp.disable_function.function("mysqli_query").param("query").value_r(";.*;").drop();
+sp.disable_function.function("mysqli_query").param("query").value_r("benchmark").drop();
+sp.disable_function.function("mysqli_query").param("query").value_r("sleep").drop();
+sp.disable_function.function("mysqli_query").param("query").value_r("information_schema").drop();
 sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop();
 sp.disable_function.function("PDO::query").param("query").value_r("--").drop();
 sp.disable_function.function("PDO::query").param("query").value_r("#").drop();
@@ -52,8 +61,9 @@ sp.disable_function.function("PDO::query").param("query").value_r("sleep\\s*\\("
 sp.disable_function.function("PDO::query").param("query").value_r("information_schema").drop();
 # Ghetto sqli detection
-sp.disable_function.function_r("mysqli?_query").ret("FALSE").drop();
+sp.disable_function.function("mysql_query").ret("FALSE").drop();
-sp.disable_function.function_r("PDO::query").ret("FALSE").drop();
+sp.disable_function.function("mysqli_query").ret("FALSE").drop();
+sp.disable_function.function("PDO::query").ret("FALSE").drop();
 #File upload
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
author	jvoisin	2018-03-09 17:37:51 +0100
committer	jvoisin	2018-03-09 17:37:51 +0100
commit	9f8293d686c8cfe66a6bad147896399c70d97bb3 (patch)
tree	703b07a9fd74045b1c66140b3046074d1cae56ab
parent	fd60cd5c1ef701710bccc407272f72b9e9ac3f7c (diff)